CVE-2026-43228

Published: May 6, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUG_ON with error handling for CNID count checks In a06ec283e125 next_id, folder_count, and file_count in the super block info were expanded to 64 bits, and BUG_ONs were added to detect overflow. This triggered an error reported by syzbot: if the MDB is corrupted, the BUG_ON is triggered. This patch replaces this mechanism with proper error handling and resolves the syzbot reported bug. Singed-off-by: Jori Koolstra <[email protected]>

Vendor	Product	Versions
Linux	Linux	affected `a06ec283e125e334155fe13005c76c9f484ce759 - < b6536c1ced315fa645576d3a39c6e07f2a472962` affected `a06ec283e125e334155fe13005c76c9f484ce759 - < b226804532a875c10276168dc55ce752944096bd`
Linux	Linux	affected `6.18` unaffected `0 - < 6.18` unaffected `6.19.6 - <= 6.19.` unaffected `7.0 - <= `

References

https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962

https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43228

Description

Affected Products

References